Online Courses
Cyber Incident Response

Building an IR team

Skills needed

  • Hands-on technical skills

    • Networking

    • Cybersecurity engineering

    • Memory analysis

    • Reverse-engineering

  • Written and oral communication skills

  • Leadership skills

  • Legal

  • HR

  • PR

Step 1 - Assess existing skill sets

Sometimes what you need already exists in the organization

You may need an outside assessment performed

Never try to design requirements around the existing team

Step 2 - Reach out to other departments

Reach out as early as possible

Be willing to accept some team members are "part-time" IR

Remember to vet for things such as clearance levels and confidentiality levels

Consider outside consultants for some roles

Step 3 - Pick your team!

Pick team members

Set up meetings and orientation

Remember the team may include outside consultants and people outside the IT and Security departments

Step 4 - Acquire funding

Without the first four steps, funding requests might not be representative of what's needed

None of the other things go forward without funding

Step 5 - Implement training requirements

This will include initial training as well as continuing training yearly


Last updated 8 months ago